Commit Graph

5 Commits

  • feat: add user-defined safe commands configuration and approval logic #380 (#386)
    This pull request adds a feature that allows users to configure
    auto-approved commands via a `safeCommands` array in the configuration
    file.
    
    ## Related Issue
    #380 
    
    ## Changes
    - Added loading and validation of the `safeCommands` array in
    `src/utils/config.ts`
    - Implemented auto-approval logic for commands matching `safeCommands`
    prefixes in `src/approvals.ts`
    - Added test cases in `src/tests/approvals.test.ts` to verify
    `safeCommands` behavior
    - Updated documentation with examples and explanations of the
    configuration
  • fix(security): Shell commands auto-executing in 'suggest' mode without permission (#197)
    ## Problem
    
    There's a security vulnerability in the current implementation where
    shell commands are being executed without requesting user permission
    even when in 'suggest' mode. According to our documentation:
    
    > In **Suggest** mode (default): All file writes/patches and **ALL
    shell/Bash commands** should require approval.
    
    However, the current implementation in `approvals.ts` was auto-approving
    commands deemed "safe" by the `isSafeCommand` function, bypassing the
    user permission requirement. This is a security risk as users expect all
    shell commands to require explicit approval in 'suggest' mode.
    
    ## Solution
    
    This PR fixes the issue by modifying the `canAutoApprove` function in
    `approvals.ts` to respect the 'suggest' mode policy for all shell
    commands:
    
    1. Added an early check at the beginning of `canAutoApprove` to
    immediately return `{ type: "ask-user" }` when the policy is `suggest`,
    regardless of whether the command is considered "safe" or not.
    
    2. Added a similar check in the bash command handling section to ensure
    bash commands also respect the 'suggest' mode.
    
    3. Updated tests to verify the new behavior, ensuring that all shell
    commands require approval in 'suggest' mode, while still being
    auto-approved in 'auto-edit' and 'full-auto' modes when appropriate.
    
    ## Testing
    
    All tests pass, confirming that the fix works as expected. The updated
    tests verify that:
    - All commands (even "safe" ones) require approval in 'suggest' mode
    - Safe commands are still auto-approved in 'auto-edit' mode
    - Bash commands with redirects still require approval in all modes
    
    This change ensures that the behavior matches what's documented and what
    users expect, improving security by requiring explicit permission for
    all shell commands in the default 'suggest' mode.